.TH SECHASH 3
.SH NAME
md4, md5, sha1, hmac_md5, hmac_sha1, md5pickle, md5unpickle, sha1pickle, sha1unpickle \- cryptographically secure hashes
.SH SYNOPSIS
.B #include <u.h>
.br
.B #include <libc.h>
.br
.B #include <mp.h>
.br
.B #include <libsec.h>
.PP
.B
DigestState*	md4(uchar *data, ulong dlen, uchar *digest,
.B
			    DigestState *state)
.PP
.B
DigestState*	md5(uchar *data, ulong dlen, uchar *digest,
.B
			    DigestState *state)
.PP
.B
char*		md5pickle(MD5state *state)
.PP
.B
MD5state*		md5unpickle(char *p);
.PP
.B
DigestState*	sha1(uchar *data, ulong dlen, uchar *digest,
.B
			    DigestState *state)
.PP
.B
char*		sha1pickle(MD5state *state)
.PP
.B
MD5state*		sha1unpickle(char *p);
.PP
.B
DigestState*	hmac_md5(uchar *data, ulong dlen,
.br
.B
			    uchar *key, ulong klen,
.br
.B
			    uchar *digest, DigestState *state)
.PP
.B
DigestState*	hmac_sha1(uchar *data, ulong dlen,
.br
.B
			    uchar *key, ulong klen,
.br
.B
			    uchar *digest, DigestState *state)
.SH DESCRIPTION
.PP
These functions implement
the cryptographic hash functions MD4, MD5, and SHA1.  The output of the
hash is called a
.IR digest .
A hash is secure if, given the hashed data and the digest,
it is difficult to predict the change to the digest resulting
from some change to the data without rehashing
the whole data.  Therefore, if a secret is part of the hashed
data, the digest can be used as an integrity check of the data by anyone
possessing the secret.
.PP
The routines
.IR md4 ,
.IR md5 ,
.IR sha1 ,
.IR hmac_md5 ,
and
.I hmac_sha1
differ only in the length of the resulting digest
and in the security of the hash.  Usage for each is the same.
The first call to the routine should have
.B nil
as the 
.I state
parameter.  This call returns a state which can be used to chain
subsequent calls.
The last call should have digest non-\fBnil\fR.
.I Digest
must point to a buffer of at least the size of the digest produced.
This last call will free the state and copy the result into
.IR digest .
For example, to hash a single buffer using
.IR md5 :
.EX

	uchar digest[MD5dlen];

	md5(data, len, digest, nil);
.EE
.PP
To chain a number of buffers together,
bounded on each end by some secret:
.EX

	char buf[256];
	uchar digest[MD5dlen];
	DigestState *s;

	s = md5("my password", 11, nil, nil);
	while((n = read(fd, buf, 256)) > 0)
		md5(buf, n, nil, s);
	md5("drowssap ym", 11, digest, s);
.EE
.PP
The constants
.IR MD4dlen ,
.IR MD5dlen ,
and
.I SHA1dlen
define the lengths of the digests.
.PP
.I Hmac_md5
and
.I hmac_sha1
are used slightly differently.  These hash algorithms are keyed and require
a key to be specified on every call.
The digest lengths for these hashes are
.I MD5dlen
and
.I SHA1dlen
respectively.
.PP
The functions
.I md5pickle
and
.I sha1pickle
marshal the state of a digest for transmission.
.I Md5unpickle
and
.I sha1unpickle
unmarshal a pickled digest.
All four routines return a pointer to a newly
.IR malloc (3)'d
object.
.SH SOURCE
.B \*9/src/libsec
.SH SEE ALSO
.IR aes (3),
.IR blowfish (3),
.IR des (3),
.IR elgamal (3),
.IR rc4 (3),
.IR rsa (3)
